<?php
switch($submenu)
{
	default:
?>
	<h2>Update Password</h2>
	<form action="?m=<?php echo $menu; ?>&md=update_password" class="cmxform" id="form_password" method="POST">
		<fieldset>
			<?php if(empty($_SESSION["login.password"])) { ?>
			<legend>Kosongkan field <u>old password</u> apabila Anda belum pernah melakukan setting password sebelumnya</legend>
			<?php } ?>
			<p>
				<label for="password">Old Password</label>
				<input id="old_password" name="old_password" value="" type="password" />
			</p>
			<p>
				<label for="password">New Password</label>
				<input id="new_password" name="new_password" value="" type="password" />
			</p>
			<p>
				<label for="password">Confirm Password</label>
				<input id="confirm_password" name="confirm_password" value="" type="password" />
			</p>
			<p>
				<input class="submit" id="daftar" type="submit" value="Simpan"/>
			</p>
		</fieldset>
	</form>
<?php
	break;
	
	case "update_password":
	if(!empty($_POST["new_password"]) && !empty($_POST["confirm_password"]))
	{
		$old_md5 = md5($_POST["old_password"]);
		if(empty($_SESSION["login.password"]))
			$where_password = " AND vcMD5Password IS NULL ";
		else
			$where_password = " AND vcMD5Password = '$old_md5' ";
		$check_password = mysql_num_rows(mysql_query("SELECT * FROM mcustomer WHERE vcKode = '".$_SESSION["login.username"]."' AND intStatus = 1 $where_password"));
		if($check_password > 0)
		{
			$password_md5 = md5($_POST["new_password"]);
			$update_password = mysql_query("
			UPDATE mcustomer SET
			vcPassword = '".$_POST["new_password"]."',
			vcMD5Password = '".$password_md5."'
			WHERE vcKode = '".$_SESSION["login.username"]."'");
			if($update_password)
			{
				$_SESSION["login.password"] = $password_md5;
				$_SESSION["$menu.warning_box"] = "valid";
				$_SESSION["$menu.warning_msg"] = "Update Password berhasil";
			}
			else
			{
				$_SESSION["$menu.warning_box"] = "error";
				$_SESSION["$menu.warning_msg"] = "Update Password gagal";
			}
		}
		else
		{
			$_SESSION["$menu.warning_box"] = "warning";
			$_SESSION["$menu.warning_msg"] = "Update Password gagal - Old Password tidak tepat";
		}
	}
	die("<meta content='0;URL=?m=$menu' http-equiv='refresh' />");
	break;
}
?>